All Resources
How to Prevent Direct Deposit Phishing Scams
- Implement two-step or multi-factor verification for HR/payroll platforms.
- Require IT administrators to monitor unusual activity, such as a large number of accounts having contact and banking info changed over a short period.
- Have a policy of temporarily reverting to a paper check after a change to banking information.
- Ensure payroll login credentials are different from credentials used for other purposes.
- Set up alerts on self-service platforms for administrators so that unusual activity may be caught before money is lost. Alerts may include for when banking information is changed to online bank accounts typically used by fraudsters.
- Alert employees about the scam.
- Train employees to watch for phishing attacks and suspicious malware links. Checking the actual e-mail address rather than just looking at the display name can be crucial to spotting the attack early.
- Set a time delay between when direct deposit information is changed in the self-service portal and the actual deposit of funds into the new account to decrease the chance of the theft of funds.
SUGGESTED ARTICLES
All content is for informational purposes only and does not constitute legal, tax, or accounting advice. You should consult your legal and tax or accounting advisors before making any financial decisions.